Jun 18

Nginx compile options

By jason Nginx Server No Comments »

configure determines the features of system and, in particular, the methods, which nginx can use for handling connections. Finally it creates the Makefile.

configure supports the following options:

–prefix=<path> – The path relative to which all other Nginx paths will resolve. If not specified, defaults to /usr/local/nginx.

–sbin-path=<path> – The path to the nginx executable. Only used for installation. If not specified defaults to <prefix>/sbin/nginx.

–conf-path=<path> – The default location of nginx.conf if no -c parameter is provided. If not provided, defaults to <prefix>/conf/nginx.conf.

–pid-path=<path> – The path to nginx.pid, if not set via the "pid" directive in nginx.conf. If not provided, defaults to <prefix>/logs/nginx.pid.

–lock-path=<path> – The path to the nginx.lock file. If not provided, defaults to <prefix>/logs/nginx.lock.

–error-log-path=<path> – The location of the error log if not set via the "error_log" in nginx.conf. If not set, defaults to <prefix>/logs/error.log.

–http-log-path=<path> – The location of the access log if not set via the "access_log" directive in nginx.conf. If not set, defaults to <prefix>/logs/access.log.

–user=<user> – The default user that nginx will run as if not set in nginx.conf via the "user" directive. If not set, defaults to "nobody".

–group=<group> – The default group that nginx will run under if not set via the "user" directive in nginx.conf. If not set defaults to "nobody".

–builddir=DIR – Set the build directory

–with-rtsig_module – Enable rtsig module

–with-select_module –without-select_module – Whether or not to enable the select module. This module is enabled by default if a more suitable method such as kqueue, epoll, rtsig or /dev/poll is not discovered by configure.

–with-poll_module –without-poll_module – Whether or not to enable the poll module. This module is enabled by default if a more suitable method such as kqueue, epoll, rtsig or /dev/poll is not discovered by configure.

–with-http_ssl_module – Enable ngx_http_ssl_module. Enables SSL support and the ability to handle HTTPS requests. Requires OpenSSL. On Debian, this is libssl-dev.

–with-http_realip_module – Enable ngx_http_realip_module

–with-http_addition_module – Enable ngx_http_addition_module

–with-http_sub_module – Enable ngx_http_sub_module

–with-http_dav_module – Enable ngx_http_dav_module

–with-http_flv_module – Enable ngx_http_flv_module

–with-http_stub_status_module – Enable the "server status" page

–without-http_charset_module – Disable ngx_http_charset_module

–without-http_gzip_module – Disable ngx_http_gzip_module. Requires zlib if enabled.

–without-http_ssi_module – Disable ngx_http_ssi_module

–without-http_userid_module – Disable ngx_http_userid_module

–without-http_access_module – Disable ngx_http_access_module

–without-http_auth_basic_module – Disable ngx_http_auth_basic_module

–without-http_autoindex_module – Disable ngx_http_autoindex_module

–without-http_geo_module – Disable ngx_http_geo_module

–without-http_map_module – Disable ngx_http_map_module

–without-http_referer_module – Disable ngx_http_referer_module

–without-http_rewrite_module – Disable ngx_http_rewrite_module. Requires PCRE if enabled.

–without-http_proxy_module – Disable ngx_http_proxy_module

–without-http_fastcgi_module – Disable ngx_http_fastcgi_module

–without-http_memcached_module – Disable ngx_http_memcached_module

–without-http_limit_zone_module – Disable ngx_http_limit_zone_module

–without-http_empty_gif_module – Disable ngx_http_empty_gif_module

–without-http_browser_module – Disable ngx_http_browser_module

–without-http_upstream_ip_hash_module – Disable ngx_http_upstream_ip_hash_module

–with-http_perl_module – Enable ngx_http_perl_module

–with-perl_modules_path=PATH – Set path to the perl modules

–with-perl=PATH – Set path to the perl binary

–http-client-body-temp-path=PATH – Set path to the http client request body temporary files. If not set, defaults to <prefix>/client_body_temp

–http-proxy-temp-path=PATH – Set path to the http proxy temporary files. If not set, defaults to <prefix>/proxy_temp

–http-fastcgi-temp-path=PATH – Set path to the http fastcgi temporary files. If not set, defaults to <prefix>/fastcgi_temp

–without-http – Disable HTTP server

–with-mail – Enable IMAP4/POP3/SMTP proxy module

–with-mail_ssl_module – Enable ngx_mail_ssl_module

–with-cc=PATH – Set path to C compiler

–with-cpp=PATH – Set path to C preprocessor

–with-cc-opt=OPTIONS – Additional parameters which will be added to the variable CFLAGS. With the use of the system library PCRE in FreeBSD, it is necessary to indicate –with-cc-opt="-I /usr/local/include". If we are using select() and it is necessary to increase the number of file descriptors, then this also can be assigned here: –with-cc-opt="-D FD_SETSIZE=2048".

–with-ld-opt=OPTIONS – Additional parameters passed to the linker. With the use of the system library PCRE in FreeBSD, it is necessary to indicate –with-ld-opt="-L /usr/local/lib".

–with-cpu-opt=CPU – Build for specified CPU, the valid values: pentium, pentiumpro, pentium3, pentium4, athlon, opteron, amd64, sparc32, sparc64, ppc64

–without-pcre – Disable PCRE library usage. Also disables HTTP rewrite module. PCRE is also required for regular expressions in "location" directive.

–with-pcre=DIR – Set path to PCRE library sources.

–with-pcre-opt=OPTIONS – Set additional options for PCRE building.

–with-md5=DIR – Set path to md5 library sources.

–with-md5-opt=OPTIONS – Set additional options for md5 building.

–with-md5-asm – Use md5 assembler sources.

–with-sha1=DIR – Set path to sha1 library sources.

–with-sha1-opt=OPTIONS – Set additional options for sha1 building.

–with-sha1-asm – Use sha1 assembler sources.

–with-zlib=DIR – Set path to zlib library sources.

–with-zlib-opt=OPTIONS – Set additional options for zlib building.

–with-zlib-asm=CPU – Use zlib assembler sources optimized for specified CPU, valid values are: pentium, pentiumpro

–with-openssl=DIR – Set path to OpenSSL library sources

–with-openssl-opt=OPTIONS – Set additional options for OpenSSL building

–with-debug – Enable debug logging

–add-module=PATH – Add in a third-party module found in directory PATH

Options may vary slightly between versions. Always check ./configure –help for the current list.

Edit section: Examples Examples


Edit section: Example 1 Example 1

This is a single line! 

./configure \
  --sbin-path=/usr/local/nginx/nginx \
  --conf-path=/usr/local/nginx/nginx.conf \
  --pid-path=/usr/local/nginx/nginx.pid \
  --with-http_ssl_module \
  --with-pcre=../pcre-4.4 \
  --with-zlib=../zlib-1.1.3

Edit section: Example 2 Example 2

Default Debian Lenny. 

./configure \
  --conf-path=/etc/nginx/nginx.conf \
  --error-log-path=/var/log/nginx/error.log \
  --pid-path=/var/run/nginx.pid \
  --lock-path=/var/lock/nginx.lock \
  --http-log-path=/var/log/nginx/access.log \
  --with-http_dav_module \
  --http-client-body-temp-path=/var/lib/nginx/body \
  --with-http_ssl_module \
  --http-proxy-temp-path=/var/lib/nginx/proxy \
  --with-http_stub_status_module \
  --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
  --with-debug \
  --with-http_flv_module

Edit section: Example 3 Example 3

I use this configuration for 50+ worth millions impressions per day. 

./configure \
  --prefix=/usr \
  --conf-path=/etc/nginx/nginx.conf \
  --http-log-path=/var/log/nginx/access_log \
  --error-log-path=/var/log/nginx/error_log \
  --pid-path=/var/run/nginx.pid \
  --http-client-body-temp-path=/var/tmp/nginx/client \
  --http-proxy-temp-path=/var/tmp/nginx/proxy \
  --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi \
  --with-md5-asm --with-md5=/usr/include \
  --with-sha1-asm \
  --with-sha1=/usr/include \
  --with-http_realip_module \
  --with-http_ssl_module \
  --with-http_perl_module \
  --with-http_stub_status_module

Edit section: Example 4 Example 4

Example on Ubuntu/debian with libgcrypt11-dev, libpcre3-dev and libssl-dev installed (choose EITHER –with-md5 OR –with-sha1, but not both; on debian and ubuntu, they should both point to /usr/lib) 

./configure --with-openssl=/usr/lib/ssl/ --with-md5=/usr/lib

An Ubuntu Edgy .deb for version 0.5.2 can be found here: nginx_0.5.2-1_i386.deb .

Edit section: Example 5 Example 5

I use this on RedHat based distros (RHEL, CentOS, Fedora). This is the configuration used for running this wiki.

First, install the dependencies: 

yum install gcc openssl-devel pcre-devel zlib-devel

Then run configure: 

./configure \
  --prefix=/usr \
  --sbin-path=/usr/sbin/nginx \
  --conf-path=/etc/nginx/nginx.conf \
  --error-log-path=/var/log/nginx/error.log \
  --pid-path=/var/run/nginx/nginx.pid  \
  --lock-path=/var/lock/nginx.lock \
  --user=nginx \
  --group=nginx \
  --with-http_ssl_module \
  --with-http_flv_module \
  --with-http_gzip_static_module \
  --http-log-path=/var/log/nginx/access.log \
  --http-client-body-temp-path=/var/tmp/nginx/client/ \
  --http-proxy-temp-path=/var/tmp/nginx/proxy/ \
  --http-fastcgi-temp-path=/var/tmp/nginx/fcgi/

Then finally build and install: 

make && make install
Tagged with:
Jun 16

How to ssl certificate installation with nginx

By jason Nginx Server No Comments »

Nginx Server SSL Certificate Installation:

Create a real SSL Certificate

1.Make sure OpenSSL is installed and in your PATH.

2.Create a RSA private key for your Apache server (will be Triple-DES encrypted and PEM formatted):
         $ openssl genrsa -des3 -out server.key 1024
Please backup this server.key file and the pass-phrase you entered in a secure location. You can see the details of this RSA private key by using the command:
         $ openssl rsa -noout -text -in server.key
If necessary, you can also create a decrypted PEM version (not recommended) of this RSA private key with:
         $ openssl rsa -in server.key -out server.key.unsecure

3.Create a Certificate Signing Request (CSR) with the server RSA private key (output will be PEM formatted):
         $ openssl req -new -key server.key -out server.csr
Make sure you enter the FQDN ("Fully Qualified Domain Name") of the server when OpenSSL prompts you for the "CommonName", i.e. when you generate a CSR for a website which will be later accessed via https://www.yourdomain.dom/, enter "www.yourdomain.dom" here. You can see the details of this CSR by using
         $ openssl req -noout -text -in server.csr

4.You now have to send this Certificate Signing Request (CSR) to a Certifying Authority (CA) to be signed. Once the CSR has been signed, you will have a real Certificate, which can be used by Apache. You can have a CSR signed by a commercial CA, or you can create your own CA to sign it.
Commercial CAs usually ask you to post the CSR into a web form, pay for the signing, and then send a signed Certificate, which you can store in a server.crt file. For more information about commercial CAs see the following locations:

  1. Verisign
    http://digitalid.verisign.com/server/apacheNotice.htm
  2. Thawte
    http://www.thawte.com/
  3. CertiSign Certificadora Digital Ltda.
    http://www.certisign.com.br
  4. IKS GmbH
    http://www.iks-jena.de/leistungen/ca/
  5. Uptime Commerce Ltd.
    http://www.uptimecommerce.com
  6. BelSign NV/SA
    http://www.belsign.be

For details on how to create your own CA, and use this to sign a CSR, see below.
Once your CSR has been signed, you can see the details of the Certificate as follows:
$ openssl x509 -noout -text -in yourdomain.crt

Copy the Certificate files to your server:


Copy them(server.key,yourdomain.crt), along with the .key file you generated when you created the CSR, to the directory on your server where you will keep your certificate and key files. Make them readable by root only to increase security.

Edit the Nginx virtual hosts file.

Now open your Nginx virtual host file for the website you are securing. If you need your site to be accessible through both secure (https) and non-secure (http) connections, you will need a server module for each type of connection. Make a copy of the existing non-secure server module and paste it below the original. Then add the lines in bold below: 

server {

listen   443;

ssl    on;
ssl_certificate    /etc/ssl/yourdomain.crt;
ssl_certificate_key    /etc/ssl/server.key;

server_name www.yourdomain.com;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
	root   /home/www/public_html/your.domain.com/public/;
	index  index.html;
}

}

Adjust the file names to match your certificate files:

  • ssl_certificate should be your primary certificate combined with the intermediate certificate that you made in the previous step (e.g. your_domain_name.crt).
  • ssl_certificate_key should be the key file generated when you created the CSR.
Tagged with:
Jun 13

how to turn off server version for nginx

By jason Nginx Server No Comments »

For securing, you probably want to turn off the version with the directive “server_tokens off”.

server_tokens
syntax: server_tokens on|off
default: server_tokens on
context: http, server, location
Whether to send the Nginx version number in error pages and Server header.

If you want to remove the name of the server completely you need to alter the source code prior to compiling.
Edit /path/to/nginx-0.*/src/http/ngx_http_header_filter_module.c lines 48 and 49:

static char ngx_http_server_string[] = “Server: nginx” CRLF; static char ngx_http_server_full_string[] = “Server: ” NGINX_VER CRLF;

Put in anything you like.
If you want to edit NGINX_VER, it is defined, along with some other relevant constants, in /path/to/nginx-0.*/src/core/nginx.h, lines 11-13.

Refrence:http://wiki.nginx.org/NginxHttpCoreModule#server_tokens
                  http://www.net-square.com/httprint/httprint_paper.html

Tagged with:
Jun 12

How to load balance with nginx

By jason Nginx Server 3 Comments »

Nignx is a very great web server and load banlancer. In my “Nginx Server” category have more about nginx.

If you want to configure load balancer with nginx,you can difine upstream to finish.

deployment overview

real server1
www.domain1.com
192.168.1.11

real server2
www.domain1.com
192.168.1.12

load balancer
balancer.domain1.com
192.168.1.13

master config part:

worker_processes  20;

#error_log  logs/error.log  info;

#pid        logs/nginx.pid;
worker_rlimit_nofile 51200;

events {
      use epoll;
      worker_connections 51200;
}

http {
log_format  www  ‘$remote_addr – $remote_user [$time_local] $request ‘
                        ‘"$status" $body_bytes_sent "$http_referer" ‘
                        ‘"$http_user_agent" "$http_x_forwarded_for" "$gzip_ratio"’;

access_log  logs/access.log  main;
client_header_timeout   10m;
client_body_timeout     10m;
send_timeout            10m;
client_max_body_size     4m;
client_body_buffer_size    256k;

connection_pool_size            256;
client_header_buffer_size       1k;
large_client_header_buffers     4 2k;
request_pool_size               4k;

output_buffers  1 32k;
postpone_output 1460;

tcp_nopush     on;
tcp_nodelay    on;

gzip  on;
gzip_comp_level  3;
gzip_min_length  1100;
gzip_buffers  4 8k;
gzip_proxied any;
gzip_http_version  1.1;
gzip_types  text/plain text/html text/css application/x-javascript text/xml application/xml application/xml+rss text/javascri
pt;

include       mime.types;
default_type  application/octet-stream;
keepalive_timeout 120;

load banlancer config part:

upstream  www.domain1.com  {
        server   192.168.10.11:80;
        server   192.168.10.12:80;
        server   192.168.10.13:80;
}

server
{
        listen  80;
        server_name  www.domain1.com;

        location / {
                 proxy_pass        http://www.domain1.com;
                 proxy_set_header   Host             $host;
                 proxy_set_header   X-Real-IP        $remote_addr;
                 proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        }
}

Tagged with:
Jun 12

How to Multiple domains load banlance with nginx

By jason Nginx Server No Comments »

Nignx is a very great web server and load banlancer. In my “Nginx Server” category have more about nginx.

If you want to configure multiple mongrel clusters to be used with multiple domains or sub-domains then define multiple upstream blocks and server blocks and add it to the same nginx config file.

master config part:

worker_processes  20;

#error_log  logs/error.log  info;

#pid        logs/nginx.pid;
worker_rlimit_nofile 51200;

events {
      use epoll;
      worker_connections 51200;
}

http {
log_format  www  ‘$remote_addr – $remote_user [$time_local] $request ‘
                        ‘"$status" $body_bytes_sent "$http_referer" ‘
                        ‘"$http_user_agent" "$http_x_forwarded_for" "$gzip_ratio"’;

access_log  logs/access.log  main;
client_header_timeout   10m;
client_body_timeout     10m;
send_timeout            10m;
client_max_body_size     4m;
client_body_buffer_size    256k;

connection_pool_size            256;
client_header_buffer_size       1k;
large_client_header_buffers     4 2k;
request_pool_size               4k;

output_buffers  1 32k;
postpone_output 1460;

tcp_nopush     on;
tcp_nodelay    on;

gzip  on;
gzip_comp_level  3;
gzip_min_length  1100;
gzip_buffers  4 8k;
gzip_proxied any;
gzip_http_version  1.1;
gzip_types  text/plain text/html text/css application/x-javascript text/xml application/xml application/xml+rss text/javascri
pt;

include       mime.types;
default_type  application/octet-stream;
keepalive_timeout 120;

Multiple domains load banlancer config part:

upstream  www.domain1.com  {
        server   192.168.10.11:80;
        server   192.168.10.12:80;
}

server
{
        listen  80;
        server_name  www.domain1.com;

        location / {
                 proxy_pass        http://www.domain1.com;
                 proxy_set_header   Host             $host;
                 proxy_set_header   X-Real-IP        $remote_addr;
                 proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        }

}

upstream  www.domain2.com  {
        server   192.168.10.21:80;
        server   192.168.10.22:80;
}

server
{
        listen  80;
        server_name  www.domain2.com;

        location / {
                 proxy_pass        http://www.domain2.com;
                 proxy_set_header   Host             $host;
                 proxy_set_header   X-Real-IP        $remote_addr;
                 proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
        }

        access_log  /usr/local/nginx/logs/domain2.log  www;
}

Tagged with:
Dec 29

Analysis access logs of Nginx by awstats

By jason Nginx Server No Comments »

Foreword

In my previous article “Using Nginx to enhance the speed of site visits,” introduced Nginx the HTTP server and how to accelerate through its Web site access.  In the actual Web site operators, we often need to understand that the site visit, for example, the number of IP day visit, PV is the number, which URL to visit the largest, most users browser which is what way to know this site and the number of users access to an error and so on, through mastering the information to improve the user experience, thereby improving the quality of the site.  Generally we can visit free of charge through a number of statistics to sites such as Google Analytics or the information.   But the inadequacies of such sites is only an analysis of the page does not include static documents; There may be a lot of regulators do not want to use such tools to expose their own data, all sorts of these factors make regulators want to analyze access logs.  And awstats is enough to meet all these requirements.

Awstats in SourceForge to develop quickly a Perl of WEB-based log analysis tool, a full analysis of the log so that Awstats shows you the following information:

  1. Visits, the number of unique visitors,
  2. Access time and the last visit,
  3. User authentication, the recent certification visit
  4. Weekly peak time (the number of pages, click-through rate per hour and week kilobytes),
  5. Name / country hosts visitors (pages, click-through rate, byte, 269 domains / countries detected, geoip detection),
  6. Host list of recently visited and did not resolve the IP address list
  7. Most have read the entry and exit pages,
  8. , File types,
  9. Site compression tables (mod_gzip or mod_deflate),
  10. Operating system (one for each operating system, the number of pages, click-through rate, byte, 35 OS detected),
  11. Using a browser,
  12. Robot visits (319 robots detected),
  13. Worm attacks (5 worm family),
  14. Search engines, use keyword search to find your address,
  15. HTTP protocol error (the most recent inspection did not find the page),
  16. Other reports based on the personalized URL, link parameters, involving the field of integrated marketing purpose.
  17. Your site by adding “favorite bookmarks.” Views.
  18. Screen size (in the index page of the need to add some HTML tags).
  19. The proportion of browser support: Java, Flash, RealG2 reader, Quicktime reader, WMA reader, PDF reader.
  20. The ratio of load-balancing server cluster report.

Awstats operating environment requires PERL support awstats documents from view, its support for Apache HTTP Server is a very perfect, and when we Nginx replaced after the Web server to run awstats become very troublesome.  First Nginx support Perl itself is relatively weak, and even the official does not recommend the use of; another format in the log there is a need to revised in order to run.

This paper mainly introduces awstats by allowing the outcome of the survey on the log to generate a static page, and then through Nginx statistical output in order to achieve the effect of Nginx access logs, including how to make automatic cutting Nginx log files.

Nginx configure automatic log cutting

With the Apache HTTP Server (hereinafter referred to Apache) The difference is, Apache will log the output of the way through the pipeline re-orientation, and so to automatically log cutting. In the current version of Nginx could not, like Apache, through parameters such as% YY in batches by date to create the log, but nginx process through to send a specific signal, can regenerate nginx log files.  We can implement a Shell script to switch the log, rename or transfer, the specific script is as follows:

# mv  /opt/nginx/logs/access.log /opt/nginx/logs/access_`date +%Y%m%d`.log
# killall –s USR1 nginx

The above script will be saved as a file name content logcron.sh depositors to self-directory, for example, / opt / nginx / sbin / logcron.sh

Crontab allow the use of script in a day 23:59 self-executing, you can do so by the day to create the log.

To install and configure Awstats

Before installing the need to confirm your server Perl environment already in place.

perl –version See the current environment is a Perl version of the command perl-version

We also need to log format Nginx be small changes will not be able to otherwise awstats statistics.

Examples are as follows (bold part):

# vi /opt/nginx/conf/nginx.conf

server {
listen       80;
server_name  localhost;

location ~ ^/web/ {
root   /data/web;
index  index.html;
error_log off;
charset utf-8;
}

log_format  new_log
'$remote_addr - $remote_user [$time_local] $request '
        '"$status" $body_bytes_sent "$http_referer" '
        '"$http_user_agent" "$http_x_forwarded_for"';
        access_log  logs/access.log new_log;
}

 

 

Download the latest version of awstats package, download the address, see the end, the article references. To download the tar package extract to any directory, for example: /usr/local/awstats. And then the implementation of tools directory awstats_configure.pl Configuration Wizard, create a new statistics.

-----> Check for web server install

Enter full config file path of your Web server.
Example: /etc/httpd/httpd.conf
Example: /usr/local/apache2/conf/httpd.conf
Example: c:\Program files\apache group\apache\conf\httpd.conf
Config file path ('none' to skip web server setup):
#> none

Enter

Your web server config file(s) could not be found.
You will need to setup your web server manually to declare AWStats
script as a CGI, if you want to build reports dynamically.
See AWStats setup documentation (file docs/index.html)

-----> Update model config file '/usr/local/awstats/wwwroot/cgi-bin/awstats.model.conf'
  File awstats.model.conf updated.

-----> Need to create a new config file ?
Do you want me to build a new AWStats config/profile
file (required if first install) [y/N] ?
#> y

Enter

-----> Define config file name to create
What is the name of your web site or profile analysis ?
Example: www.mysite.com
Example: demo
Your web site, virtual server or profile name:
#> www.moabc.net
www.moabc.net

Enter

-----> Define config file path
In which directory do you plan to store your config file(s) ?
Default: /etc/awstats
Directory path to store config file(s) (Enter for default):
#>

Enter directly using the default, then there will be the following tips

----> Add update process inside a scheduler
Sorry, configure.pl does not support automatic add to cron yet.
You can do it manually by adding the following command to your cron:
/usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=www.moabc.net
Or if you have several config files and prefer having only one command:
/usr/local/awstats/tools/awstats_updateall.pl now

A SIMPLE config file has been created: /etc/awstats/awstats.www.moabc.net.conf
You should have a look inside to check and change manually main parameters.
You can then manually update your statistics for 'www.moabc.net' with command:
> perl awstats.pl -update -config=www.moabc.net
You can also build static report pages for 'www.moabc.net' with command:
> perl awstats.pl -output=pagetype -config=www.moabc.net

Press ENTER to finish...

Enter the completion of the wizard, then modify configuration www.moabc.net statistics

#vi /etc/awstats/awstats.www.moabc.net.conf
Statistics of the log file to find the path

LogFile=”/var/log/httpd/mylog.log”
Changed
LogFile=”/opt/nginx/logs/access_%YYYY-0%MM-0%DD-0.log

Nginx above the corresponding log cutting procedures generated directory storage structure, attention should be paid to the date Awstats format Nginx with different wording. We are now the order of the implementation of statistics are:

Nginx generated log -> Log Cutting -> Nginx continue to produce the log -> Save cutting logs -> by Awstats Statistics -> generate results

In this article, the statistics Awstats logs, have been cut down that part. Can also reverse the order of a further cut before the end statistics.  But this is easier statistical omission.  Configuration modifications are completed, save quit.  Then we can begin to try manually.

  1. First implementation of the log cutting logcron.sh script to log Nginx cut.
  2. Awstats log and then update the implementation of the beginning of statistical analysis.
# /opt/nginx/sbin/logcron.sh
# /usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=www.moabc.net

Create/Update database for config "/etc/awstats/awstats.www.moabc.net.conf"
        by AWStats version 6.7 (build 1.892)
From data in log file "/opt/nginx/logs/access_20080804.log"...
Phase 1 : First bypass old records, searching new record...
Direct access after last parsed record (after line 450421)
Jumped lines in file: 450421
 Found 450421 already parsed records.
Parsed lines in file: 120
 Found 0 dropped records,
 Found 0 corrupted records,
 Found 0 old records,
 Found 120 new qualified records.

See above shows that the log cutting and running Awstats have been correct. Statistical analysis is completed, the results also Awstats database.  In Apache, you can directly open a Perl program page view statistics.   However, the beginning of this article has already been mentioned, Nginx support of Perl is not good, so we need a change in methods, the use of the tool will awstats the outcome of the survey to generate static documents, concrete steps are as follows:

  • First of all, in the webroot directory, create a folder.
  • Then let Awstats to generate static pages to the directory
# mkdir  /data/webroot/awstats

# /usr/local/awstats/tools/awstats_buildstaticpages.pl -update  \
-config=www.moabc.net -lang=en -dir=/data/admin_web/awstats  \
-awstatsprog=/usr/local/awstats/wwwroot/cgi-bin/awstats.pl

The specific meaning of the order is as follows:

  • /usr/local/awstats/tools/awstats_buildstaticpages.pl  Awstats static page generation tool
  • -update-config = www.moabc.net update the configuration item
  • -lang = en language is English
  • -dir=/data/admin_web/awstats  statistical results output directory
  • -awstatsprog=/usr/local/awstats/wwwroot/cgi-bin/awstats.pl  Awstats log update path.

Next, just nginx.conf in the directory can be configured up.  Examples are as follows: (bold part):

server {
listen       80;
server_name  localhost;

location ~ ^/web/ {
root   /data/web;
index  index.html;
error_log off;
charset utf-8;
}

location ~ ^/awstats/ {
        root   /data/webroot/awstats;
        index  index.html;
        access_log off;
        error_log off;
        charset utf-8;
}

location ~ ^/icon/ {
        root   /usr/local/awstats/wwwroot;
        index  index.html;
        access_log off;
        error_log off;
        charset utf-8;
        }
}

 

Use your browser to view the detailed results of the statistical http://youhostname/awstats/awstats.www.moabc.net.html

At this point, the use of awstats have been able to fully support the Nginx log statistics.

Configured to run automatically Awstats

In order for the entire statistical process log auto-complete, we need to set up crontab scheduled tasks, so that Nginx Log Awstats automatic cutting and running, from time to time to generate results page.

#vi /etc/crontab

11 59 * * * /opt/nginx/sbin/logcron.sh
00 1 * * * /usr/local/awstats/tools/awstats_buildstaticpages.pl  \
-update -config=www.moabc.net -lang=cn -dir=/data/admin_web/awstats \
-awstatsprog=/usr/local/awstats/wwwroot/cgi-bin/awstats.pl  

#00:01  Awstats analysis log

#crontab /etc/crontab

The protection of the log results page

Regulators are generally reluctant to make people aware of their station not the real traffic, so results should Awstats password-protected pages. Nginx using Apache with the same password in encrypted format, where the need to bring their own tools apache used htpasswd.

If you default on this machine equipped with Apache, which you only in its directory run

For example:

#/usr/local/apache2/bin/htpasswd -c admin.pass admin

New password:
Re-type new password:
Adding password for user admin

server {
 	listen       80;
 	server_name  localhost;
 	location ~ ^/web/ {
 	root   /data/web;
 	index  index.html;
 	error_log off;
 	charset utf-8;
 	} 

 	location ~ ^/awstats/ {
        root   /data/admin_web;
        index  index.html;
        access_log off;
        error_log off;
        charset utf-8;
        auth_basic     "admin";
     /opt/ngx/conf/admin.pass;
        }

        location ~ ^/icon/ {
        root   /usr/local/awstats/wwwroot;
        index  index.html;
        access_log off;
        error_log off;
        charset utf-8;
        }
}

Aggregate

Although with the Apache HTTP Server comparison, Nginx function is relatively weak, but we can still use some techniques to circumvent these weaknesses, Nginx designers certainly give full consideration to this issue.  Now a growing number of third-party development in a gradual expansion module Nginx function.  But from the perspective of the application itself, Nginx more inclined to superior performance, rather than function, which in a number of additional functions, we can not too high on the requirements.

Reference resources

  • Nginx English site: http://www.nginx.net
  • Awstats Web site: http://awstats.sourceforge.net
Tagged with:
Dec 29

Nginx visit the Web site to enhance the use of speed

By jason Nginx Server 1 Comment »

About Nginx

Nginx ( "engine x") is a high-performance and HTTP reverse proxy server is also a proxy server IMAP/POP3/SMTP. Nginx by Igor Sysoev to visit Russia in the second volume of Rambler.ru development of the site, which has been the site of more than two and a half years of operation. Igor will be the source code to BSD-type license issued in the form. Despite the still beta, but, Nginx because it has the stability of the rich feature set, and low-profile example of system resources consumption and a well-known.

Nginx before use to know

At present, the official Nginx does not support Windows, you can only include Linux, UNIX, BSD system to install and use;

1.  Nginx itself is only a HTTP proxy server and reverse, it can not be the same as Apache by installing a variety of modules to support different page script, such as PHP, CGI, etc.;

2. Nginx support of a simple load balancing and fault-tolerant;

3. As support for basic HTTP server functionality, such as logging, compression, Byte ranges, Chunked responses, SSL, virtual host, and so on, everything.

In the Linux install Nginx

In order to ensure that Nginx in the use of regular expressions for a more flexible configuration, installation prior to the need to determine whether the system installed PCRE (Perl Compatible Regular Expressions) package.  You can ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/ download the latest PCRE source package, compiled using the following command to download and install the PCRE package

# wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.7.tar.gz
# tar zxvf pcre-7.7.tar.gz 
# cd pcre-7.7
# ./configure
# make
# make install

If  your OS is CentOS,you can:
yum install pcre

Then install Nginx, Nginx general there are two versions of which are stability and development of version version, you can choose your purpose of the two versions of one of the following is to install Nginx to / opt / nginx detailed directory : 
# wget http://sysoev.ru/nginx/nginx-0.6.34.tar.gz
# tar zxvf nginx-0.6.34.tar.gz
# cd nginx-0.6.34
# ./configure –with-http_stub_status_module –prefix=/opt/nginx 
# make
# make install

Parameters of which –with-http_stub_status_module to nginx opening of the NginxStatus function to monitor the current state of Nginx.

After the success of the installation /opt/nginx four sub-directory are: conf, html, logs, sbin. Nginx one of the profile stored in conf / nginx.conf, Nginx is only one program file is located in the sbin directory nginx document. The 80 ports to ensure that the system did not have been occupied by other programs, run sbin / nginx order to start Nginx, open the browser to access the machine’s IP, if the browser appears Welcome to nginx! Said Nginx have been installed and running successfully.

Nginx common parameters and control

Running parameters

Nginx only after the installation of a program file itself does not provide a variety of management procedures, it is the use of the system parameters and mechanism of signal Nginx control of the process itself.  Nginx parameters include the following:

-c <path_to_config>: the use of specified profile rather than the conf directory nginx.conf.
-t: test configuration file is correct, the need to re-load the run-time configuration, this command is very important to detect the revised profile of whether there is a syntax error.
-v: show nginx version number.
-V: show nginx version of its compiler, as well as environmental information, as well as compile-time parameters.

For example, we have to test whether or not to write a profile in the right, we can use the following command
sbin/nginx – t – c conf/nginx2.conf

Through the signal to the control Nginx

Nginx support of the table signals:

Signal 000

Description of the role of the

TERM, INT TERM, INT
Rapid closure of the program, currently suspended to deal with the request
QUIT
End to deal with the current request to close the program
HUP
Re-configured to load and open a new process, to shut down the process, this will not interrupt request
USR1
Re-open the log file for the switch logs, for example, every day a new generation of log files
USR2
Smooth upgrade executable
WINCH
Easily shut down the work process

There are two ways to control these signals Nginx, the first through the logs directory nginx.pid view the currently running Nginx the process ID, through the kill – XXX <pid> to control Nginx, which is the XXX out on the table The signals were out.  If your system is only one Nginx process, you can also killall order to complete, such as running killall -s HUP nginx to let Nginx reload configuration.

Configuration Nginx

A first look at the actual profile:

 user  nobody;
 worker_processes  4;

 #error_log  logs/error.log;
 #error_log  logs/error.log  notice;
 #error_log  logs/error.log  info; 

 #pid        logs/nginx.pid; 

 events {
    use epoll;
    worker_connections  2048;
 } 

 http {
    include       mime.types;
    default_type  application/octet-stream; 

    #log_format  main  '$remote_addr - $remote_user [$time_local] $request '
    #                  '"$status" $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"'; 

    #access_log  off;
    access_log  logs/access.log;

    sendfile        on;
    #tcp_nopush     on;
    tcp_nodelay     on; 

    keepalive_timeout  65; 

    include 	 gzip.conf; 

   upstream tomcats {
	 server 192.168.0.11:8080 weight=10;
	 server 192.168.0.11:8081 weight=10;
	 server 192.168.0.12:8080 weight=10;
	 server 192.168.0.12:8081 weight=10;
	 server 192.168.0.13:8080 weight=10;
	 server 192.168.0.13:8081 weight=10;
    } 

    server {
        listen       80;
        server_name  localhost; 

        charset utf-8; 

        #access_log  logs/host.access.log  main; 

	 location ~ ^/NginxStatus/ {
	    stub_status on;
	    access_log off;
	 } 

	 location ~ ^/(WEB-INF)/ {
	    deny all;
	 } 

	 location ~ \.(htm|html|asp|php|gif|jpg|jpeg|png|bmp|ico|rar|css|js|
	 zip|java|jar|txt|flv|swf|mid|doc|ppt|xls|pdf|txt|mp3|wma)$ {
             root /opt/webapp;
	    expires 24h;
        } 

        location / {
	    proxy_pass http://tomcats;
	    include proxy.conf;
        } 

        error_page 404 /html/404.html; 

        # redirect server error pages to the static page /50x.html
        #
	 error_page 502 503 /html/502.html;
        error_page 500 504 /50x.html;
        location = /50x.html {
            root   html;
        }
    }
 }

Nginx monitoring

Above is an example of the actual site configuration, in which gray text for that configuration. The above configuration, first of all, we define a location ~ ^ / NginxStatus /, so you can monitor http://localhost/NginxStatus/ through to the run Nginx message that reads as follows: 

Active connections: 70
server accepts handled requests
 14553819 14553819 19239266
Reading: 0 Writing: 3 Waiting: 67

NginxStatus display the contents of the meaning is as follows:

· active connections – currently being processed Nginx to connect the activities of a few.

· server accepts handled requests – handled a total of 14,553,819 connection, the success of the creation of 14,553,819 times to shake hands (no proof of failure in the middle), handled a total of 19,239,266 requests (average of 1.3 shook hands to deal with requests for information).

· reading – nginx read to the client’s Header information number.

· writing – nginx returned to the client’s Header information number.

· waiting – open the keep-alive, equal to the value of the active – (reading + writing), meaning that Nginx have been processed are still waiting for the next request to connect the presence of the command.

Static document processing

Through the regular expression, we can set up Nginx identified a variety of static documents, such as the path to the images under all requests can be written as follows: 

location ~ ^/images/ {
    root /opt/webapp/images;
}

The following is the definition of the configuration files of several types of requests for treatment. 

location ~ \.(htm|html|gif|jpg|jpeg|png|bmp|ico|css|js|txt)$ {
    root /opt/webapp;
    expires 24h;
}

For example, pictures, static HTML files, js script files and documents, such as css style, we hope to deal directly with Nginx and return to the browser, which can greatly speed up the web browsing speed. Therefore we need to file for this type of instruction to root through the designated path of the file stored at the same time as such documents are not often modified by expires in order to control the browser’s cache, so as to reduce unnecessary requests. expires order to control HTTP response in the "Expires" and "Cache-Control" of the header (to control play the role of the page cache). For example, you can use the following form to write Expires: 

expires 1 January, 1970, 00:00:01 GMT;
expires 60s;
expires 30m;
expires 24h;
expires 1d;
expires max;
expires off;

Dynamic page request to deal with

Nginx does not support the popular JSP, ASP, PHP, PERL, and other dynamic page, but it can reverse proxy will be sent to the request of the back-end servers, such as Tomcat, Apache, IIS, and other dynamic page to complete the deal with the request. In front of the configuration example, we first defined by the Nginx to deal directly with a number of requests for static files, all other requests through the proxy_pass instructions sent to the back-end server (in the above example is the Tomcat). The simplest proxy_pass use are as follows: 

location / {
    proxy_pass        http://localhost:8080;
    proxy_set_header  X-Real-IP  $remote_addr;
}

Here we do not have to use the cluster, but the request will be sent directly to run in the 8080’s Tomcat port services up to complete a similar JSP and Servlet to deal with the request.

When the page is visited very often require multiple application servers to share the dynamic operation of the implementation of the page, then we need to use the structure of the cluster. Nginx through upstream order to define a cluster server, the first complete example of our definition of a cluster of tomcats, this cluster of three servers, including a total of 6 Tomcat service. The wording of the directive proxy_pass become: 

location / {
    proxy_pass        http://tomcats;
    proxy_set_header  X-Real-IP  $remote_addr;
}

Nginx in the cluster configuration, Nginx use of the simplest rules of the average distribution to each cluster node allocation requests. Once a node fails, or re-onset time, Nginx will be very timely to deal with changes in the state to ensure that the user will not affect the visit.

Summary

Nginx official functions of the various modules to provide everything that these modules can be combined with the full requirements of a wide range of configurations, such as: compression, anti-Daolian, clusters, FastCGI, streaming media server, Memcached support, URL rewriting, and so on, but also the key Nginx that have HTTP server Apache and other high-performance unmatched.  You can even without changing the structure of the original Web site, through the introduction of front-end Nginx to increase the speed of site visits.

This article is a brief introduction Nginx common, as well as the installation of the basic configuration and use more information on Nginx read the article refer to the back of resources. Here are very grateful to my friend – Chen Lei (chanix@msn.com), he has been doing the Nginx WIKI(http://wiki.codemongers.com/Main), at the same time he introduced me so well Of a software.

If your site is running on Linux, if you do not have to use some of the very complex and can not be completed to determine the function of Nginx, and that you should try Nginx.

Reference

· Access to Nginx English site.

· Access to Nginx Chinese WIKI.

· Access to Nginx English WIKI.

· Another lightweight HTTP server lighttpd.

Access to products and technologies

· Download the latest version of Nginx.

· Download PCRE.

Tagged with:
Dec 28

nginx rewrite parameters

By jason Nginx Server No Comments »

Regular expressions to match, of which:
* ~ For the case-insensitive match
* ~ * For the case-insensitive match
*! ~ And! ~ * Are case-sensitive does not match and are not case-sensitive documents and directories do not match to match, of which:
*-F and!-F used to determine the existence of a document
*-D and!-D used to determine the existence of directory
*-E and!-E used to determine the existence of files or directories
*-X and!-X used to determine whether the executable fileflag markers are:
* Last equivalent to Apache’s [L] tag that complete rewrite, no longer match the back of the rules
* Break with the last similar
* Redirect the return of 302 temporary redirect
* Permanent return of 301 permanent redirect some of the available global variables can be used to determine the conditions (to be completed)
$args $ args
$content_length $ content_length
$content_type $ content_type
$document_root $ document_root
$document_uri $ document_uri
$host $ host
$http_user_agent $ http_user_agent
$http_cookie $ http_cookie
$limit_rate $ limit_rate
$request_body_file $ request_body_file
$request_method $ request_method
$remote_addr $ remote_addr
$remote_port $ remote_port
$remote_user $ remote_user
$request_filename $ request_filename
$request_uri $ request_uri
$query_string $ query_string
$scheme $ scheme
$server_protocol $ server_protocol
$server_addr $ server_addr
$server_name $ server_name
$server_port $ server_port
$uri $ uri

 

 

Tagged with:
preload preload preload